Skip to content
Snippets Groups Projects
Select Git revision
20 results
Search by author
  • Any Author
  • Botaniker (Bot) Botaniker (Bot) botaniker
1 author
  1. Dec 05, 2019
    • Roberto Rojas's avatar
      Fixes Issue #494 - add tests for CIS 1.5 (#530) · af976e6f
      Roberto Rojas authored 
      
* Initial commit.

* Add master and node config.

* Add section 5 of CIS 1.5.1.

* Split sections into section files

* Fix YAML issues.

* adds target translation

* adds target translation

* adds cis-1.5 mapping

* fixed tests

* fixes are per PR

* fixed intergration test

* integration kind test file to appropriate ks8 version

* fixed etcd text

* fixed README

* fixed text

* etcd: fixed grep path

* etcd: fixes

* fixed error message bug

* Update README.md

Co-Authored-By: default avatarLiz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: default avatarLiz Rice <liz@lizrice.com>

* fixes as per PR review
      View commits for tag v0.2.2 v0.2.2
      af976e6f
  3. Dec 02, 2019
    • Liz Rice's avatar
      Add run subcommand (#529) · f2caa1f0
      Liz Rice authored 
      * test: fix TestGetConfigFilePath

This test wasn't correctly creating the test file due to the wrong directory permissions on the temp file. This wasn't detected due to a lack of error checking.

Also, the code was only checking for file not exist rather than lack of permission to read file (or any other error).

The combination of these two things means the test wasn't checking what it thought it was checking, and passed more by luck than judgment.

* add getYamlFilesFromDir

* add getTestYamlFiles and test

* docs: Update master / node help text

* return path + filename from getYamlFilesFromDir

* subcommand run to run specific section files
      f2caa1f0
  5. Nov 12, 2019
  7. Nov 05, 2019
  9. Nov 01, 2019
  11. Oct 24, 2019
  13. Oct 14, 2019
  15. Jul 13, 2019
  17. Jul 10, 2019
  19. Jul 08, 2019
  21. Jul 01, 2019
  23. May 17, 2019
  25. May 01, 2019
  27. Mar 12, 2019
  29. Feb 27, 2019
    • Abubakr-Sadik Nii Nai Davis's avatar
      Add kubeconfig variable substitution for kubelet and proxy. · a88b0703
      Abubakr-Sadik Nii Nai Davis authored 
      There are checks for the kubeconfig for both kubelet and proxy which
the current kube-bench implementation does not check for properly.
kube-bench checks the wrong files.

This PR adds support for variable substitution for all the config file
types are that should be checked in the CIS benchmarks.

This PR also fixes a buggy in CIS 1.3.0 check 2.2.9, which checks for
ownership of the kubelet config file /var/lib/kubelet/config.yaml but
recommends changing ownership of kubelet kubeconfig file
/etc/kubernetes/kubelet.conf as remediation.
      a88b0703
  31. Feb 19, 2019
  33. Oct 23, 2018
    • Abubakr-Sadik Nii Nai Davis's avatar
      Add getServiceFiles function. · ed218394
      Abubakr-Sadik Nii Nai Davis authored 
      The CIS benchmark check for node checks 2 config files for kubelet:
  - kubelet config file (kubelet.conf)
  - kubelet systemd unitfile (10-kubeadm.conf)

The getServiceFiles function gets candidates for kubelet systemd
unitfile and returns valid untifiles.
      ed218394
  35. Jul 26, 2018
  37. Jun 29, 2018
  39. May 11, 2018
    • Jeppe Fihl-Pearson's avatar
      Add tip about the `--version` flag to error output · 39d94df8
      Jeppe Fihl-Pearson authored 
      If people are trying to use the Docker image to check their cluster, there's a
big likelyhood of them hitting the error message saying that either `kubectl`
or `kubelet` need to be found in order for `kube-bench` to be able to determine
the Kubernetes version in use.

This adds a tip that the version can be specified manually with the `--version`
flag which is a lot easier than having to make a new Docker image with the
right version of `kubelet`/`kubectl` in order for `kube-bench` to work.
      39d94df8
  41. Mar 23, 2018
  43. Jan 11, 2018
  45. Nov 28, 2017
  47. Nov 21, 2017
  49. Nov 14, 2017
  51. Nov 13, 2017
  53. Nov 03, 2017
  55. Oct 24, 2017
  57. Oct 15, 2017
  59. Sep 26, 2017
  61. Sep 17, 2017
  63. Aug 31, 2017